Results 1 to 15 of 15

Thread: A few players on 2+2 are claiming that large Ignition bitcoin cashouts are vanishing

  1. #1
    Owner Dan Druff's Avatar
    Reputation
    4688
    Join Date
    Mar 2012
    Posts
    32,965
    Blog Entries
    2

    A few players on 2+2 are claiming that large Ignition bitcoin cashouts are vanishing

    Disturbing story, and I think I believe it.

    https://forumserver.twoplustwo.com/2...loyee-1687276/

    A guy made a new account on 2+2 named "ignitionBitcoin" and claimed his $9500 cashout simply vanished. When he checked into it, he found that the cashout WAS processed, but to a completely different bitcoin address (not his) than he had submitted!

    Further investigation into the matter showed that the bitcoin address where it did go was cleared out immediately after the bitcoin was received -- by a series of very small transactions.

    Ignition verified that there was never a cancellation of his original withdrawal. So there was not a situation of someone hacking his Ignition account, cancelling it, and withdrawing to their own BTC address.

    Furthermore, he checked his blockchain.info account, and the address where it was sent was not close to any BTC addresses he had ever generated.

    It is almost certain that, if this story is to be believed, either the payment processor or a rogue Ignition employee changed the BTC address where the money was supposed to go.

    Ignition will not re-send the $9500, insisting that their system shows he submitted the same address that the processor paid. This would lead one to believe that it's more likely a rogue employee than the processor, but it also might mean that Ignition simply doesn't want to admit that their processor is doing this.

    I was a bit skeptical that a dupe/fake account was reporting this, despite claiming to be a regular mid-stakes player, but then others showed up and echoed that they were either victims of this, or had close friends who were. You can read the above thread (it's not very long) for more info.

    Now I'm scared to make any withdrawal in BTC on Ignition/Bovada, and you should be, too.

    When you make these withdrawals, you do NOT get any confirmation -- either on screen or by e-mail -- stating which address the cashout will be sent. That's a huge flaw.

    One idea I had was to do it by phone. Bovada/Ignition records all of their calls, and presumably you could pressure them to check the call (and even record it yourself on your end) if they pull the switcheroo on the address. You could also ask at the end of the call for them to e-mail you a more detailed confirmation (not sure if they would be willing). But I think that's what I might try.

  2. #2
    Quote Originally Posted by Dan Druff View Post
    Disturbing story, and I think I believe it.

    https://forumserver.twoplustwo.com/2...loyee-1687276/

    A guy made a new account on 2+2 named "ignitionBitcoin" and claimed his $9500 cashout simply vanished. When he checked into it, he found that the cashout WAS processed, but to a completely different bitcoin address (not his) than he had submitted!

    Further investigation into the matter showed that the bitcoin address where it did go was cleared out immediately after the bitcoin was received -- by a series of very small transactions.

    Ignition verified that there was never a cancellation of his original withdrawal. So there was not a situation of someone hacking his Ignition account, cancelling it, and withdrawing to their own BTC address.

    Furthermore, he checked his blockchain.info account, and the address where it was sent was not close to any BTC addresses he had ever generated.

    It is almost certain that, if this story is to be believed, either the payment processor or a rogue Ignition employee changed the BTC address where the money was supposed to go.

    Ignition will not re-send the $9500, insisting that their system shows he submitted the same address that the processor paid. This would lead one to believe that it's more likely a rogue employee than the processor, but it also might mean that Ignition simply doesn't want to admit that their processor is doing this.

    I was a bit skeptical that a dupe/fake account was reporting this, despite claiming to be a regular mid-stakes player, but then others showed up and echoed that they were either victims of this, or had close friends who were. You can read the above thread (it's not very long) for more info.

    Now I'm scared to make any withdrawal in BTC on Ignition/Bovada, and you should be, too.

    When you make these withdrawals, you do NOT get any confirmation -- either on screen or by e-mail -- stating which address the cashout will be sent. That's a huge flaw.

    One idea I had was to do it by phone. Bovada/Ignition records all of their calls, and presumably you could pressure them to check the call (and even record it yourself on your end) if they pull the switcheroo on the address. You could also ask at the end of the call for them to e-mail you a more detailed confirmation (not sure if they would be willing). But I think that's what I might try.
    oh boy. what a nightmare. the problem with the call idea is reading the BTC address to them. what about taking pictures with your phone of the withdrawal screen?

  3. #3
    I haven't done a bovada withdrawal in a while, but the last time I did, I had to call after my withdrawal request sat there too long. The guy processed the request while I was on the phone and I don't think he used a processor, he just sent the BTC while I was on the phone with him.

    I just read the 2p2 thread, it seems to have happened to a few people. my ? is, one guy was saying that doing a btw transaction of any kind over $3,000 is too risky, any idea what he is talking about?

  4. #4
    Owner Dan Druff's Avatar
    Reputation
    4688
    Join Date
    Mar 2012
    Posts
    32,965
    Blog Entries
    2
    Quote Originally Posted by Charham View Post
    I haven't done a bovada withdrawal in a while, but the last time I did, I had to call after my withdrawal request sat there too long. The guy processed the request while I was on the phone and I don't think he used a processor, he just sent the BTC while I was on the phone with him.

    I just read the 2p2 thread, it seems to have happened to a few people. my ? is, one guy was saying that doing a btw transaction of any kind over $3,000 is too risky, any idea what he is talking about?
    Your experience happened to me in 2016.

    I made a Bovada withdrawal and it sat for several days. I thought maybe they were just backed up, but then I saw on 2p2 that people were making BTC withdrawals and getting them in 1-2 days at the time. So I knew some BS was going on.

    I called up and complained about this. At first I got the usual BS runaround. The rep kept telling me to be patient, that they'll send an inquiry but I'd have to wait another 48 hours for an answer, etc. I kept pressing, and then was told to hold while "the payouts team" was contacted by the rep. I sat on hold for 15 minutes. Then the rep told me, "Check it again, the payouts team said the bitcoin was sent earlier today. Maybe you have it by now."

    Sure enough, it was there, and had arrived while I was on hold.

    They were full of shit. They sent it while I was on the phone. I'm guessing they sent it right away, told the rep to leave me on hold for 15 minutes (bitcoin transactions processed faster back then), and then to tell me to check on it, pretending like it was sent before my phone call.

  5. #5
    Owner Dan Druff's Avatar
    Reputation
    4688
    Join Date
    Mar 2012
    Posts
    32,965
    Blog Entries
    2
    Quote Originally Posted by Charham View Post
    Quote Originally Posted by Dan Druff View Post
    Disturbing story, and I think I believe it.

    https://forumserver.twoplustwo.com/2...loyee-1687276/

    A guy made a new account on 2+2 named "ignitionBitcoin" and claimed his $9500 cashout simply vanished. When he checked into it, he found that the cashout WAS processed, but to a completely different bitcoin address (not his) than he had submitted!

    Further investigation into the matter showed that the bitcoin address where it did go was cleared out immediately after the bitcoin was received -- by a series of very small transactions.

    Ignition verified that there was never a cancellation of his original withdrawal. So there was not a situation of someone hacking his Ignition account, cancelling it, and withdrawing to their own BTC address.

    Furthermore, he checked his blockchain.info account, and the address where it was sent was not close to any BTC addresses he had ever generated.

    It is almost certain that, if this story is to be believed, either the payment processor or a rogue Ignition employee changed the BTC address where the money was supposed to go.

    Ignition will not re-send the $9500, insisting that their system shows he submitted the same address that the processor paid. This would lead one to believe that it's more likely a rogue employee than the processor, but it also might mean that Ignition simply doesn't want to admit that their processor is doing this.

    I was a bit skeptical that a dupe/fake account was reporting this, despite claiming to be a regular mid-stakes player, but then others showed up and echoed that they were either victims of this, or had close friends who were. You can read the above thread (it's not very long) for more info.

    Now I'm scared to make any withdrawal in BTC on Ignition/Bovada, and you should be, too.

    When you make these withdrawals, you do NOT get any confirmation -- either on screen or by e-mail -- stating which address the cashout will be sent. That's a huge flaw.

    One idea I had was to do it by phone. Bovada/Ignition records all of their calls, and presumably you could pressure them to check the call (and even record it yourself on your end) if they pull the switcheroo on the address. You could also ask at the end of the call for them to e-mail you a more detailed confirmation (not sure if they would be willing). But I think that's what I might try.
    oh boy. what a nightmare. the problem with the call idea is reading the BTC address to them. what about taking pictures with your phone of the withdrawal screen?
    Reading the BTC address to them will take a little time, but how long could it take to read and verify? Like at most 2 minutes?

    The screen shot is useless because you can only screenshot what you are submitting, but not after it's been submitted. So they can just claim you erased the address and then typed something else in after you took the pic.

  6. #6
    Platinum thesparten's Avatar
    Reputation
    -15
    Join Date
    Feb 2014
    Posts
    3,590
    Blog Entries
    1
    Don't understand bthis thread..

    Global pays in 24hours with no fees..hmm????

  7. #7
    Owner Dan Druff's Avatar
    Reputation
    4688
    Join Date
    Mar 2012
    Posts
    32,965
    Blog Entries
    2
    informer1 from 2+2 PM'd me there, and told me his story.

    It's a different story. In his case, someone just accessed his account, spammed him with tons of e-mails, and made a withdrawal to a BTC address. (The spam was so he wouldn't see the withdrawal e-mail.)

    One of John Mehaffey's friends also experienced something similar.

    That sort of thing actually sounds less like a shady Bovada employee, and more like a good ol' fashioned password hacking through a keylogger or whatever.

    I am in contact with informer1, and will find out more shortly.

  8. #8
    John's friend is also a good buddy of mine and when he tried explaining what happened on Calvin Ayre's personal Facebook account, his comment was deleted minutes after it was posted.

    He then tried re-posting it on other stories Ayre would post (who knows if this is ACTUALLY Calvin controlling the account) and those, I believe, were either deleted or flat out ignored as well.

    I know Calvin Ayre supposedly doesn't have any controlling interest in the empire he created and is living the good life in the Caribbean, but it's definitely a shitty situation that looked even worse when my friend simply wanted an explanation on how something like this could happen - and subsequently got a big FUCK YOU instead.

    Surely, two-factor authentication could go a long way in situations like this one and the eerily similar stories that have now been told by posters at 2+2.

    Seems stupid that someone could get access to an account, cancel a withdrawal and simply put in a new BTC address and steal someone's funds outright like this.

    Regardless of the clever email spam that helped cover up Bodog's cancellation confirmation email, you would think better protocols would be in place once a new withdrawal was initiated via the same method, albeit it to a completely different wallet address.

    I would imagine security would maybe at least flag that type of activity and freeze the account or something?

    Anyways, looking forward to hearing more about this and if Bodog will do anything about it or if it'll simply get swept under the rug...my money is probably on the latter.
    >> iGaming News, Legislation Updates and Poker Site Reviews @ PokerLaws.org

  9. #9
    Owner Dan Druff's Avatar
    Reputation
    4688
    Join Date
    Mar 2012
    Posts
    32,965
    Blog Entries
    2
    I just called Bovada tonight for some information on this.

    I asked if there was any way to do a bitcoin withdrawal over the phone, instead of online. (This would prevent malware hijacking of the submitted form, as well as provide a voice trail of the transaction, as Bovada/Ignition records all of their calls, and the user can as well.)

    Unfortunately, there is no way to do this.

    The only way to submit a BTC withdrawal is to do so via the online form.

    I then asked if the player can somehow get an e-mail with the BTC address where the money will go, even if he has to manually request it.

    I was told this is not possible.

    I was also told that reps have no access to the BTC address of withdrawal, until after the withdrawal is approved, and the BTC is minutes away from being sent. Therefore, you cannot even call and verify that the right address was received.

    This is obviously a huge flaw, as there's no way to tell if your cashout has been hijacked until already too late. You also have no proof that the BTC was actually sent to the wrong place.

    I am going to call during the day and ask for a manager, and see if I can get this changed.

    First off, they need to send an immediate e-mail with the BTC address you submitted. This way, if it's wrong (such as a malware hijack), you can call up and cancel it. Furthermore, you will have proof if anyone at Bovada or the payment processor decides to send it elsewhere.

    The above would prevent what happened to the OP.

    Second, there needs to be some kind of warning to users whose accounts are compromised in some way, with a BTC withdrawal made without their permission. For example, they should be able to lock their BTC withdrawals (that is, completely disallow them) until they call up and open them again. This would prevent BTC withdrawals from being made without the user's knowledge.

    I agree with PINO that a 2-factor authentication system would be great, but I doubt they could implement this in a short time, nor would they be willing to waste time developing this.

    I feel that my simpler security measures need to be put in place, due to the irreversibility and anonymity of BTC.

    Right now this stuff is occurring because it's a crime of opportunity. Take the opportunity away, and this crap will stop.

    Hopefully Bovada management will be open to these suggestions.

  10. #10
    Owner Dan Druff's Avatar
    Reputation
    4688
    Join Date
    Mar 2012
    Posts
    32,965
    Blog Entries
    2
    I had a long conversation with a Bovada supervisor named "Tysena", who appeared to be in the Philippines.

    She agreed that my suggestions above were good ones, and said that these would be submitted to management.

    I told her that wasn't good enough, and that I wanted management to call me. I cited the seriousness of the matter, and reminded them of the PFA Radio show.

    Supposedly I will get a call from management to discuss this, but I'm not holding my breath.

    I did get one useful piece of info, and that is the fact that you can apparently get the last 4 digits of your BTC address from a customer service rep, immediately after making a cashout. So that will probably solve the first issue to a degree, though a real confirmation screen/e-mail with the full address would be better.

    They still need to allow people to disable BTC cashouts until they're ready, thus preventing the unauthorized cashouts being made without the user's knowledge.

  11. #11
    Gold ftpjesus's Avatar
    Reputation
    315
    Join Date
    Mar 2012
    Location
    Mesa AZ
    Posts
    2,420
    What they need to do is like what Payza the payment processor does which is the ability to secure your acct not only with a password but a secondary transaction PIN but finally utilize the google Authenticator 2FA app which is basically unbreakable as it functions like the old key fobs on PokerStars where it generates a random 6 digit code on your device which you must have to access the account or at least for deposits and withdrawals. Coinbase and Kraken use it and it’s becoming more common and creates a much higher security threshold and nearly impossible to pull off what happened here unless indeed it’s an insider pulling it on Ignition/Bovada end if that’s the case then Bovnition needs to be taken down.
    <This Ad Space for Rent or Sale>

  12. #12
    Nova Scotia's REAL #1 Webcam DJ sonatine's Avatar
    Reputation
    5460
    Join Date
    Mar 2012
    Posts
    23,987
    Ignition is hacked, is the correct answer here btw.
    "Birds born in a cage think flying is an illness." - Alejandro Jodorowsky

    "America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs

  13. #13
    Owner Dan Druff's Avatar
    Reputation
    4688
    Join Date
    Mar 2012
    Posts
    32,965
    Blog Entries
    2
    I received a call on Tuesday that management is discussing ways to make this more secure, and that the feeling within the company is that I raised legitimate concerns.

    They will supposedly call me when something is implemented.

  14. #14
    Quote Originally Posted by Dan Druff View Post
    I received a call on Tuesday that management is discussing ways to make this more secure, and that the feeling within the company is that I raised legitimate concerns.

    They will supposedly call me when something is implemented.
    Thanks for update. As I think about this more the analogy should be something like the cash room of a casino rather than a processor credit card operation. You would not let some third party sort your cash. Bovada should handle bitcoin in house in a heavily monitored way. Think a room with cameras and cash room level processes.

  15. #15
    Nova Scotia's REAL #1 Webcam DJ sonatine's Avatar
    Reputation
    5460
    Join Date
    Mar 2012
    Posts
    23,987
    Quote Originally Posted by Charham View Post
    Quote Originally Posted by Dan Druff View Post
    I received a call on Tuesday that management is discussing ways to make this more secure, and that the feeling within the company is that I raised legitimate concerns.

    They will supposedly call me when something is implemented.
    Thanks for update. As I think about this more the analogy should be something like the cash room of a casino rather than a processor credit card operation. You would not let some third party sort your cash. Bovada should handle bitcoin in house in a heavily monitored way. Think a room with cameras and cash room level processes.

    How about just checksumming every link in the process to validate its integrity?


    Honestly it's not rocket science but it does require a background in Information Security to do this shit right.
    "Birds born in a cage think flying is an illness." - Alejandro Jodorowsky

    "America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. I need a Bitcoin wallet for large deposits from online casinos and sports books
    By Matt The Rat in forum Poker Community Discussion
    Replies: 18
    Last Post: 11-17-2016, 11:57 AM
  2. Replies: 31
    Last Post: 06-03-2014, 09:24 PM
  3. Replies: 1
    Last Post: 02-28-2014, 03:04 AM
  4. Bovada Cashouts
    By nightmarefish in forum Flying Stupidity
    Replies: 52
    Last Post: 05-08-2013, 02:23 PM
  5. Bovada cashouts
    By Mdwst Hstlr in forum Flying Stupidity
    Replies: 2
    Last Post: 10-06-2012, 08:04 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •